diff options
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/gitolite-openssh-6.8-compat.patch | 25 | ||||
-rw-r--r-- | gnu/packages/patches/gobject-introspection-cc.patch | 25 | ||||
-rw-r--r-- | gnu/packages/patches/pycairo-wscript.patch | 31 | ||||
-rw-r--r-- | gnu/packages/patches/wpa-supplicant-CVE-2015-1863.patch | 42 |
4 files changed, 109 insertions, 14 deletions
diff --git a/gnu/packages/patches/gitolite-openssh-6.8-compat.patch b/gnu/packages/patches/gitolite-openssh-6.8-compat.patch new file mode 100644 index 0000000000..d7fc2e6b12 --- /dev/null +++ b/gnu/packages/patches/gitolite-openssh-6.8-compat.patch @@ -0,0 +1,25 @@ +From ed807a40c6683960e357bc995b3acf721ec088b4 Mon Sep 17 00:00:00 2001 +From: Sitaram Chamarty <sitaram@atc.tcs.com> +Date: Thu, 19 Mar 2015 05:17:59 +0530 +Subject: [PATCH] openssh 6.8 compat + +--- + src/triggers/post-compile/ssh-authkeys | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/triggers/post-compile/ssh-authkeys b/src/triggers/post-compile/ssh-authkeys +index 84dda73..d5f5d8b 100755 +--- a/src/triggers/post-compile/ssh-authkeys ++++ b/src/triggers/post-compile/ssh-authkeys +@@ -115,7 +115,7 @@ sub fp_file { + my $f = shift; + my $fp = `ssh-keygen -l -f '$f'`; + chomp($fp); +- _die "fingerprinting failed for '$f'" unless $fp =~ /([0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+)/; ++ _die "fingerprinting failed for '$f'" unless $fp =~ /([0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+)/ or $fp =~ m(SHA256:([A-ZA-z0-9+/]+)); + $fp = $1; + return $fp; + } +-- +2.2.1 + diff --git a/gnu/packages/patches/gobject-introspection-cc.patch b/gnu/packages/patches/gobject-introspection-cc.patch index 38b919a746..d9cacf4ca7 100644 --- a/gnu/packages/patches/gobject-introspection-cc.patch +++ b/gnu/packages/patches/gobject-introspection-cc.patch @@ -1,14 +1,11 @@ ---- a/giscanner/sourcescanner.py 2013-12-15 23:03:54.002937000 +0100 -+++ b/giscanner/sourcescanner.py 2013-12-15 23:04:50.322937000 +0100 -@@ -277,6 +277,11 @@ - defines = ['__GI_SCANNER__'] - undefs = [] - cpp_args = os.environ.get('CC', 'cc').split() # support CC="ccache gcc" -+ if (cpp_args == ['cc'] and -+ not any(map(lambda x: os.access(os.path.join(x, 'cc'), os.X_OK), -+ os.environ.get('PATH').split(':')))): -+ cpp_args = ['GUIX_GCC_PATH'] -+ - if 'cl' in cpp_args: - # The Microsoft compiler/preprocessor (cl) does not accept - # source input from stdin (the '-' flag), so we need +Use gcc as the default C compiler if CC is not set. + + +--- gobject-introspection-1.44.0.orig/giscanner/__init__.py 2014-08-04 22:37:07.000000000 +0800 ++++ gobject-introspection-1.44.0/giscanner/__init__.py 2015-04-20 17:30:26.507697234 +0800 +@@ -22,3 +22,5 @@ + builddir = os.environ.get('UNINSTALLED_INTROSPECTION_BUILDDIR') + if builddir is not None: + __path__.append(os.path.join(builddir, 'giscanner')) ++if not 'CC' in os.environ: ++ os.environ['CC'] = 'gcc' diff --git a/gnu/packages/patches/pycairo-wscript.patch b/gnu/packages/patches/pycairo-wscript.patch new file mode 100644 index 0000000000..c49f0afcb3 --- /dev/null +++ b/gnu/packages/patches/pycairo-wscript.patch @@ -0,0 +1,31 @@ +Update the wscript to work with waf-1.8.8. Based on: +http://cgit.freedesktop.org/pycairo/commit/?id=c57cd129407c904f8c2f752a59d0183df7b01a5e + + +--- pycairo-1.10.0.orig/wscript 2011-04-18 15:42:29.000000000 +0800 ++++ pycairo-1.10.0/wscript 2015-04-20 13:01:45.383756898 +0800 +@@ -13,18 +13,18 @@ + + def options(ctx): + print(' %s/options()' %d) +- ctx.tool_options('gnu_dirs') +- ctx.tool_options('compiler_cc') +- ctx.tool_options('python') # options for disabling pyc or pyo compilation ++ ctx.load('gnu_dirs') ++ ctx.load('compiler_c') ++ ctx.load('python') # options for disabling pyc or pyo compilation + + + def configure(ctx): + print(' %s/configure()' %d) + + env = ctx.env +- ctx.check_tool('gnu_dirs') +- ctx.check_tool('compiler_cc') +- ctx.check_tool('python') ++ ctx.load('gnu_dirs') ++ ctx.load('compiler_c') ++ ctx.load('python') + ctx.check_python_version((3,1,0)) + ctx.check_python_headers() + ctx.check_cfg(package='cairo', atleast_version=cairo_version_required, diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2015-1863.patch b/gnu/packages/patches/wpa-supplicant-CVE-2015-1863.patch new file mode 100644 index 0000000000..de1964ca76 --- /dev/null +++ b/gnu/packages/patches/wpa-supplicant-CVE-2015-1863.patch @@ -0,0 +1,42 @@ +From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@qca.qualcomm.com> +Date: Tue, 7 Apr 2015 11:32:11 +0300 +Subject: [PATCH] P2P: Validate SSID element length before copying it + (CVE-2015-1863) + +This fixes a possible memcpy overflow for P2P dev->oper_ssid in +p2p_add_device(). The length provided by the peer device (0..255 bytes) +was used without proper bounds checking and that could have resulted in +arbitrary data of up to 223 bytes being written beyond the end of the +dev->oper_ssid[] array (of which about 150 bytes would be beyond the +heap allocation) when processing a corrupted management frame for P2P +peer discovery purposes. + +This could result in corrupted state in heap, unexpected program +behavior due to corrupted P2P peer device information, denial of service +due to process crash, exposure of memory contents during GO Negotiation, +and potentially arbitrary code execution. + +Thanks to Google security team for reporting this issue and smart +hardware research group of Alibaba security team for discovering it. + +Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> +--- + src/p2p/p2p.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c +index f584fae..a45fe73 100644 +--- a/src/p2p/p2p.c ++++ b/src/p2p/p2p.c +@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p, const u8 *addr, int freq, + if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0) + os_memcpy(dev->interface_addr, addr, ETH_ALEN); + if (msg.ssid && ++ msg.ssid[1] <= sizeof(dev->oper_ssid) && + (msg.ssid[1] != P2P_WILDCARD_SSID_LEN || + os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN) + != 0)) { +-- +1.9.1 + |